401 Access denied with SSL

17 views
Skip to first unread message

russianbandit

unread,
Jun 9, 2008, 6:45:54 PM6/9/08
to soap4r
Hi,

I've spent some time now trying to get my ruby script to talk to a SSL
SOAP server.
I'm using this soap/property file:

client.protocol.http.ssl_config.verify_mode =
OpenSSL::SSL::VERIFY_NONE
client.protocol.http.basic_auth.1.url = https://servername/path/to/file.wsdl
client.protocol.http.basic_auth.1.userid = username
client.protocol.http.basic_auth.1.password = password

And here's my simple ruby script:

gem 'soap4r'
require 'httpclient'
require 'soap/wsdlDriver'

wsdl = 'https://servername/path/to/file.wsdl'

soap = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver
soap.wiredump_dev = STDOUT

puts soap.someServerMethod(:argName => "*")

This is returning a "401" Access denied error.

So I looked at the wiredump and noticed that upon request the "WWW-
Authenticate" field is missing from the request header (not sure if it
should be there). Notice that the response does have this field.
Also it the username and password are being sent in clear text, and
not encoded at all. It seems to me that basic auth should encode the
credentials.
Here's what the request and response look like:

= Request

! CONNECT TO SERVERNAME:80
! CONNECTION ESTABLISHED
POST /CCMApi/AXL/V1/SOAPISAPI.dll HTTP/1.1
SOAPAction: "http://www.cisco.com/AXLPort/listPhoneByName"
Content-Type: text/xml; charset=utf-8
User-Agent: SOAP4R/1.5.8 (/187, ruby 1.8.6 (2007-09-24) [i386-
mswin32])
Date: Mon, 09 Jun 2008 22:30:11 GMT
Content-Length: 622
Host: SERVERNAME

<?xml version="1.0" encoding="utf-8" ?>
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<n1:authHeader xmlns:n1="urn:tempuri.org"
env:mustUnderstand="1">
<n1:passwd>username</n1:passwd>
<n1:userid>password</n1:userid>
</n1:authHeader>
</env:Header>
<env:Body>
<n2:listPhoneByName xmlns:n2="http://www.cisco.com/AXL/API/1.0">
<searchString>*</searchString>
</n2:listPhoneByName>
</env:Body>
</env:Envelope>

= Response

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Mon, 09 Jun 2008 19:30:23 GMT
WWW-Authenticate: Basic realm="SERVERNAME"
Connection: close
Content-Length: 4431
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
...
This is usually caused by a server-side script not sending the
proper WWW-Authenticate heade
r field. Using Active Server Pages scripting this is done by using the
<strong>AddHeader</strong> me
thod of the <strong>Response</strong> object to request that the
client use a certain authentication
method to access the resource.
...
</html>
! CONNECTION CLOSED

Any help would be appreciated.

russianbandit

unread,
Jun 9, 2008, 6:56:33 PM6/9/08
to soap4r
I apologize that wiredump was from me trying a custom header.
So the whole "credentials in cleartext" can be ignored.
However, the "WWW-Authenticate" is still missing. I'm guessing that is
why I get the 401.

This is the wiredump from the actual code I provide above:

Wire dump:

= Request

! CONNECT TO CCMSERVERNAME:80
! CONNECTION ESTABLISHED
POST /CCMApi/AXL/V1/SOAPISAPI.dll HTTP/1.1
SOAPAction: "http://www.cisco.com/AXLPort/listPhoneByName"
Content-Type: text/xml; charset=utf-8
User-Agent: SOAP4R/1.5.8 (/187, ruby 1.8.6 (2007-09-24) [i386-
mswin32])
Date: Mon, 09 Jun 2008 22:53:29 GMT
Content-Length: 390
Host: CCMSERVERNAME

<?xml version="1.0" encoding="utf-8" ?>
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Body>
<n1:listPhoneByName xmlns:n1="http://www.cisco.com/AXL/API/1.0">
<searchString>*</searchString>
</n1:listPhoneByName>
</env:Body>
</env:Envelope>

= Response

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Mon, 09 Jun 2008 19:53:42 GMT
WWW-Authenticate: Basic realm="CCMSERVERNAME"
Connection: close
Content-Length: 4431
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
...
This is usually caused by a server-side script not sending the
proper WWW-Authenticate heade
r field. Using Active Server Pages scripting this is done by using the
<strong>AddHeader</strong> me
thod of the <strong>Response</strong> object to request that the
client use a certain authentication
method to access the resource.
...
</html>
! CONNECTION CLOSED

On Jun 9, 4:45 pm, russianbandit <russianban...@gmail.com> wrote:
> Hi,
>
> I've spent some time now trying to get my ruby script to talk to a SSL
> SOAP server.
> I'm using this soap/property file:
>
> client.protocol.http.ssl_config.verify_mode =
> OpenSSL::SSL::VERIFY_NONE
> client.protocol.http.basic_auth.1.url =https://servername/path/to/file.wsdl
Reply all
Reply to author
Forward
0 new messages